The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WebDisk (WebDav) CSF LFD warnings

Discussion in 'General Discussion' started by jazee, Mar 17, 2017.

  1. jazee

    jazee Active Member

    Joined:
    Jan 12, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    I tried using Webdisk for the first time and I'm running Configserver Firewall and getting LFD warnings. I've tried adding the process name to the process ignore file but still getting both of these. Anyone been in the same boat know the best way to handle it?

    Excessive resource usage
    Resource: Process Time
    Exceeded: 21688 > 1800 (seconds)
    Executable: /usr/local/cpanel/3rdparty/perl/524/bin/perl
    Command Line: cpdavd - authenticated as <removed>
    PID: 14431 (Parent PID:11194)
    Killed: No

    Suspicious process running under user
    Executable:
    /usr/local/cpanel/3rdparty/perl/524/bin/perl
    Command Line (often faked in exploits):
    cpdavd - authenticated as <removed>
     
  2. sktest123

    sktest123 Well-Known Member

    Joined:
    Jan 31, 2017
    Messages:
    69
    Likes Received:
    3
    Trophy Points:
    8
    Location:
    kochin
    cPanel Access Level:
    Root Administrator
    Add exe /usr/local/cpanel/3rdparty/perl/524/bin/perl to /etc/csf/pignore
     
  3. jazee

    jazee Active Member

    Joined:
    Jan 12, 2015
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Wouldn't that filter anything that is run via Perl not just WebDisk (cpdavd)? I just want to exclude cpdavd.
     
  4. cPanelChrisI

    cPanelChrisI Technical Analyst II
    Staff Member

    Joined:
    Mar 24, 2014
    Messages:
    67
    Likes Received:
    11
    Trophy Points:
    83
    cPanel Access Level:
    Root Administrator
    Hello,

    I believe that adding this to the csf.pignore file should prevent those notifications:

    exe:/usr/local/cpanel/cpdavd

    Thanks!
     
Loading...

Share This Page